relay crash in libcrypto (tor_tls_handshake)
This is on a very fast relay (>200 mbit/s). Started happening day before yesterday without any known changes to tor, libevent or openssl. Reproducable within hours it seems.
$ uname -a Linux tor 2.6.32-38-server legacy/trac#83 (moved)-Ubuntu SMP Wed Jan 4 11:26:59 UTC 2012 x86_64 GNU/Linux
libevent is 2.0.19-stable.
Jun 01 08:49:46.000 [notice] Tor 0.2.3.15-alpha (git-2513a3e959b61612) opening log file.
Jun 01 08:49:46.000 [notice] This version of OpenSSL has a known-good EVP counter-mode implementation. Using it.
Jun 01 08:49:46.000 [notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Jun 01 08:49:46.000 [notice] Your Tor server's identity key fingerprint is 'ndnr1 6330CCF8FEED2EF9B12FCF6688E2577C65522BA4'
(gdb) bt full
#0 0x00007ffff6a02acd in write () from /lib/libc.so.6
No symbol table info available.
#1 0x00007ffff71a1035 in sock_write () from /home/linus/usr/lib/libcrypto.so.1.0.0
No symbol table info available.
#2 0x00007ffff719f1a7 in BIO_write () from /home/linus/usr/lib/libcrypto.so.1.0.0
No symbol table info available.
#3 0x00007ffff71a2389 in buffer_ctrl () from /home/linus/usr/lib/libcrypto.so.1.0.0
No symbol table info available.
#4 0x00007ffff74b6307 in ssl3_accept () from /home/linus/usr/lib/libssl.so.1.0.0
No symbol table info available.
#5 0x00007ffff74c2b05 in ssl23_get_client_hello () from /home/linus/usr/lib/libssl.so.1.0.0
No symbol table info available.
#6 0x00007ffff74c33e5 in ssl23_accept () from /home/linus/usr/lib/libssl.so.1.0.0
No symbol table info available.
#7 0x000000000052e3f9 in tor_tls_handshake (tls=0x7fffdc774b60) at tortls.c:1743
r = 0
oldstate = 24576
__PRETTY_FUNCTION__ = "tor_tls_handshake"
__func__ = "tor_tls_handshake"
#8 0x00000000004bd04e in connection_tls_continue_handshake (conn=0x7fffdc4507a0)
at connection_or.c:1182
result = 7
__PRETTY_FUNCTION__ = "connection_tls_continue_handshake"
__func__ = "connection_tls_continue_handshake"
#9 0x00000000004bcf01 in connection_tls_start_handshake (conn=0x7fffdc4507a0, receiving=1)
at connection_or.c:1139
__PRETTY_FUNCTION__ = "connection_tls_start_handshake"
__func__ = "connection_tls_start_handshake"
#10 0x00000000004a7b5b in connection_init_accepted_conn (conn=0x7fffdc4507a0, listener=0x7ac900)
at connection.c:1278
No locals.
#11 0x00000000004a7a7f in connection_handle_listener_read (conn=0x7ac900, new_type=4)
at connection.c:1256
news = 314
newconn = 0x7fffdc4507a0
addrbuf = {ss_family = 2, __ss_align = 0, __ss_padding = '\000' <repeats 111 times>}
remote = 0x7fffffffddd0
remotelen = 16
options = 0x7a9c80
__PRETTY_FUNCTION__ = "connection_handle_listener_read"
__func__ = "connection_handle_listener_read"
#12 0x00000000004aad5e in connection_handle_read_impl (conn=0x7ac900) at connection.c:2627
max_to_read = -1
try_to_read = 140737354119250
before = 140737488346864
n_read = 0
socket_error = 0
__PRETTY_FUNCTION__ = "connection_handle_read_impl"
__func__ = "connection_handle_read_impl"
#13 0x00000000004ab14e in connection_handle_read (conn=0x7ac900) at connection.c:2721
res = 32767
#14 0x000000000040a578 in conn_read_callback (fd=8, event=2, _conn=0x7ac900) at main.c:702
conn = 0x7ac900
__PRETTY_FUNCTION__ = "conn_read_callback"
#15 0x00007ffff771010c in event_process_active_single_queue (base=0x7ac110, flags=<value optimized out>)
at event.c:1346
ev = 0x7ac9d0
#16 event_process_active (base=0x7ac110, flags=<value optimized out>) at event.c:1416
activeq = 0x7ab9b0
i = 0
#17 event_base_loop (base=0x7ac110, flags=<value optimized out>) at event.c:1617
n = 1
evsel = 0x7ffff7940d80
tv = {tv_sec = 0, tv_usec = 53123}
tv_p = <value optimized out>
res = <value optimized out>
retval = <value optimized out>
__func__ = "event_base_loop"
#18 0x000000000040cf32 in do_main_loop () at main.c:1924
loop_result = 0
now = 1338533388
__PRETTY_FUNCTION__ = "do_main_loop"
__func__ = "do_main_loop"
#19 0x000000000040e4a7 in tor_main (argc=3, argv=0x7fffffffe1f8) at main.c:2619
result = 0
__PRETTY_FUNCTION__ = "tor_main"
#20 0x0000000000408b34 in main (argc=3, argv=0x7fffffffe1f8) at tor_main.c:30
No locals.